Exclusive: U.S. FTC asking Apple about health data protection

Christina Farr, Diane Bartz

4 Min Read

SAN FRANCISCO/WASHINGTON (Reuters) - The U.S. Federal Trade Commission is seeking assurances from Apple Inc (AAPL.O) that it will prevent sensitive health data collected by its upcoming smartwatch and other mobile devices from being used without owners’ consent, two sources told Reuters.

The Apple logo is lit on the first day of sale for the iPhone 6 and iPhone 6 Plus, in Sydney September 19, 2014. REUTERS/David Gray

The two people, both familiar with the FTC’s thinking, said Apple representatives have met on multiple occasions with agency officials in recent months, to stress that it will not sell its users’ health data to third-party entities such as marketers or allow third-party developers to do so.

Apple said it works closely with regulators around the world, including the FTC, to describe built-in data protections for its services. “We’ve been very encouraged by their support,” Apple spokeswoman Trudy Muller told Reuters.

Apple developed its new HealthKit platform, which manages data from mobile health apps, to give consumers control over how their information is used and shared. “We designed HealthKit with privacy in mind,” said Muller.

There are no indications that the FTC intends to launch a formal investigation or inquiry into the matter, but the dialogue underscores the agency’s interest in how the increasing wealth of consumer-generated health and fitness data will be safeguarded.

The FTC declined to comment.

The FTC is paying particularly close attention to Apple’s upcoming smartwatch, which can track a user’s pulse and potentially store health-related information, the two sources said.

Apple hopes its upcoming Apple Watch and HealthKit platform will become the lynchpins in a broad push into mobile healthcare, a potentially lucrative field that rivals Google and Samsung are also exploring.

FTC Commissioner Julie Brill in May said the agency is concerned about the risks of health data that flows outside of a medical context, such as information collected via wearables and mobile health apps.

The agency also requested that Congress enact legislation to make the practices of data brokers more visible.

Most data that consumers store in mobile health apps is not covered by privacy rules known as HIPAA, the Health Insurance Portability and Accountability Act. But the FTC has stressed that this data is still highly sensitive and is keen on investigating how any consumer-generated data gathered is shared, exchanged, and protected.

The agency has made it a priority to examine whether mobile health developers marketing apps on Apple’s iOS and Google’s Android platforms are taking precautions to safeguard user privacy, the sources said.

The FTC also concluded in a recent study that many developers share or sell health data. The study found that developers of 12 mobile health and fitness apps were sharing user information with 76 different parties, such as advertisers.

Apple is turning to a team of outside experts, including health data protection lawyer Marcy Wilder, to respond on health issues, said one of the sources and another person familiar with the matter.

The company also is considering appointing an in-house health privacy czar, the sources said.

Some experts say Apple is setting a strong precedent for health data privacy. Apple requires that users must give consent before app developers are granted access to their health information, and that data logged by its smartwatch is encrypted on the device.

In late August, Apple tightened its privacy rules to ensure that personal data collected through HealthKit would not be used by developers for the purposes of advertising or other data-mining purposes. It also said apps that access HealthKit are required to have a privacy policy, although it remains to be seen how Apple will enforce this rule.